Can a backscan be forced?

Yes, there is a way to force a backscan on a Stairwell forwarder. Typically the main reason to force a backscan is if the initial backscan was skipped, but these steps will work in all cases.

Windows

You can use the following script to force a backscan on all versions of the Windows forwarder.

# restart_backscan.ps1
#
# Force a backscan to restart by clearing the existing backscan values from the registry, and restarting the forwarder service.
# Handles both legacy and modern versions of the Windows Forwarder.
#
# Must be run as Admin.
#
# Copyright Stairwell, Inc, 2024
function Write-Values {
    param (
        [string]$registryPath
    )

    $registryValues  = Get-ItemProperty -Path $registryPath 
    $registryValues.PSObject.Properties | ForEach-Object {
        if ($_.Name -ne "PSPath" -and $_.Name -ne "PSParentPath" -and $_.Name -ne "PSChildName" -and $_.Name -ne "PSDrive" -and $_.Name -ne "PSProvider") {
            Write-Host "    $($_.Name) = $($_.Value)"
        }
    } 
}

function Reset-Backscan {
    param 
    (
        [string]$serviceName,
        [string]$registryPath
    )

    $result = $false

    # Check if the service exists
    $service = Get-Service -Name $serviceName -ErrorAction SilentlyContinue
    if ($null -eq $service) {
        Write-Host "Service $serviceName does not exist. Skipping."
        return $false
    }

    try {
        # Stop the service
        Write-Host "Stopping $serviceName..."
        Stop-Service -Name $serviceName -Force -ErrorAction Stop
    } catch {
        Write-Host "Failed to stop the $serviceName service: $_"
        Write-Host "Ensure that you are running with Admin rights."
        return $false
    }

    # Check if the registry key exists
    if (Test-Path $registryPath) {

        # Print out the current registry values
        Write-Host "Pre-modified values under $registryPath..."
        Write-Values -registryPath $registryPath

        # Delete any existing status
        Remove-ItemProperty -Path $registryPath -Name "BackscanStatus" -Force -ErrorAction SilentlyContinue
        Remove-ItemProperty -Path $registryPath -Name "BackscanComplete" -Force -ErrorAction SilentlyContinue
        Remove-ItemProperty -Path $registryPath -Name "BackscanStarted" -Force -ErrorAction SilentlyContinue
        Remove-ItemProperty -Path $registryPath -Name "TotalVolumes" -Force -ErrorAction SilentlyContinue
        Remove-ItemProperty -Path $registryPath -Name "VolumesComplete" -Force -ErrorAction SilentlyContinue
        Remove-ItemProperty -Path $registryPath -Name "FullVolumeScan" -Force -ErrorAction SilentlyContinue

        # Make sure backscan is enabled
        Set-ItemProperty -Path $registryPath -Name "FullVolumeScan" -Value 1 -Type DWord -Force

        #
        # Required due to a bug in pre 1.6.4 - remove any volume complete statuses that we find.
        #
        $registryValues  = Get-ItemProperty -Path $registryPath 
        # Regex pattern to match a GUID
        $guidPattern = '[A-Fa-f0-9]{8}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{4}-[A-Fa-f0-9]{12}'
        $registryValues.PSObject.Properties | ForEach-Object {
            if ($_.Name -match $guidPattern) {
                Write-Host "Found volume GUID value: $($_.Name)"
                Remove-ItemProperty -Path $registryPath -Name $_.Name -ErrorAction SilentlyContinue
            }
        } 

        # Print the values again so the change is visible in the output
        Write-Host "Post-modified values under $registryPath..."
        Write-Values -registryPath $registryPath

        $result = $true
    } else {
        Write-Host "Registry key $registryPath does not exist. This is unexpected. Skipping registry configuration."
        $result = $false
    }

    # Start the service
    try {
        Write-Host "Starting $serviceName..."
        Start-Service -Name $serviceName -ErrorAction Stop
    } catch {
        Write-Host "Failed to start the $serviceName service: $_"
        return $false
    }

    return $result
}

Write-Host "`nWindows Forwarder Backscan Reset Script"
Write-Host "Version 1.0"
Write-Host "Copyright Stairwell, Inc., 2024`n"

# 1.4.x, 1.6.0+ - modern forwarder
$stairwellSuccess = Reset-Backscan -serviceName "StairwellForwarder" -registryPath "HKLM:\Software\Stairwell\SwellService"

# pre 1.4 or 1.5.1 - legacy forwarder
$inceptionSuccess = Reset-Backscan -serviceName "InceptionForwarder" -registryPath "HKLM:\Software\Stairwell\Inception"

# We expect to have exactly one forwarder on the machine
if ($stairwellSuccess -xor $inceptionSuccess) {
    Write-Host "`nScript ran successfully."
} else {
    Write-Host "`nScript failed. Please contact Stairwell and provide the output of this command."
}



Linux

  1. Stop the Stairwell service
  2. Remove the backscan file /var/lib/stairwell/scansession.json
  3. Start the Stairwell service
systemctl stop stairwell
rm /var/lib/stairwell/scansession.json
systemctl start stairwell
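
The same three steps with the checks the Windows script performs, as an added example that is not Stairwell's own code: it aborts before changing anything if the service cannot be stopped, and always tries to start the service again. The unit name and file path are the ones shown above; the SERVICE, STATE_FILE and SYSTEMCTL override variables and the --run switch are assumptions introduced here.

```shell
#!/bin/sh
# Added example, not Stairwell's code. Unit name and state-file path are the
# ones shown in the steps above; SERVICE, STATE_FILE and SYSTEMCTL are
# hypothetical override variables introduced for this example.
SERVICE="${SERVICE:-stairwell}"
STATE_FILE="${STATE_FILE:-/var/lib/stairwell/scansession.json}"
SYSTEMCTL="${SYSTEMCTL:-systemctl}"

force_backscan() {
    # Step 1: stop the forwarder first so it cannot rewrite the session file
    # while it is being removed. On failure, abort before touching anything.
    if ! "$SYSTEMCTL" stop "$SERVICE"; then
        echo "Could not stop $SERVICE (are you root?). Nothing was changed." >&2
        return 1
    fi

    # Step 2: remove the backscan session file. A missing file is reported
    # but not treated as an error, since there is nothing to remove.
    rc=0
    if [ -e "$STATE_FILE" ]; then
        if rm -- "$STATE_FILE"; then
            echo "Removed $STATE_FILE"
        else
            echo "Could not remove $STATE_FILE" >&2
            rc=1
        fi
    else
        echo "$STATE_FILE not present; nothing to remove"
    fi

    # Step 3: always start the service again, even if step 2 failed, so the
    # host is not left without a running forwarder.
    if ! "$SYSTEMCTL" start "$SERVICE"; then
        echo "Could not start $SERVICE; check: journalctl -u $SERVICE" >&2
        return 1
    fi
    if ! "$SYSTEMCTL" is-active --quiet "$SERVICE"; then
        echo "$SERVICE was started but is not active" >&2
        return 1
    fi
    return "$rc"
}

# Run the procedure only when invoked as: sudo sh force_backscan.sh --run
if [ "${1:-}" = "--run" ]; then
    force_backscan
fi
```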

Mac

  1. Delete Keychain entries for backscans
sudo security delete-generic-password -a FullDiskScanState
sudo security delete-generic-password -a FullScanStatus
  2. Reload the forwarder
sudo /Applications/Inception\ Forwarder.app/Contents/MacOS/Inception\ Forwarder uninstall-extension
sudo /Applications/Inception\ Forwarder.app/Contents/MacOS/Inception\ Forwarder install-extension